Log analysis and evaluation: HEUR:Exploit.Script.Generic detected by Kaspersky - is the infection really cleaned up? (Windows 7)

#1
HEUR:Exploit.Script.Generic detected by Kaspersky - is the infection really cleaned up?

Dear all, having recently bought paid antivirus software (Kaspersky) for the first time in ages, after years of using Antivir and the like, a full scan immediately found something: HEUR:Exploit.Script.Generic and a second object. Kaspersky called it malware (the internet says trojan) and supposedly disinfected and deleted it. I can't find Kaspersky's log file, so I only know the name of one of the two detections; I didn't note down the second one (I thought I could simply look it up again after the cleanup, and now I can't find it!). So now I'm wondering whether the malware has really gone - the computer has been extremely slow for quite a while, but the problem could also be sitting in front of the computer (unfortunately I'm not very experienced)! I'm totally paranoid.

I followed your instructions. With defogger I didn't get the impression that everything worked correctly; the scan didn't even take a nanosecond. And GMER gave two error messages ("Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird", namely for netuser.dat and system). Here are the logs (split up, otherwise the text would be 17,000 characters):

Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:23 on 07/07/2014 (Entenrechner)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Entenrechner (administrator) on ENTE on 07-07-2014 12:09:47
Running from C:\Users\Entenrechner\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Entenrechner\Desktop\Tor Browser\App\vidalia.exe
() C:\Users\Entenrechner\Desktop\Tor Browser\App\tor.exe
(Mozilla Corporation) C:\Users\Entenrechner\Desktop\Tor Browser\FirefoxPortable\App\Firefox\tbb-firefox.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862448 2012-08-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-927294191-717072922-153577076-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-927294191-717072922-153577076-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-927294191-717072922-153577076-1002\...\MountPoints2: {fab7ab6a-baa4-11e3-bf2d-2016d843b6e9} - "E:\LaunchU3.exe" -a
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs: , C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll => C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll => C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Entenrechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {50952DBE-9475-4D32-B175-B9D835C33E99} URL =
SearchScopes: HKCU - {50952DBE-9475-4D32-B175-B9D835C33E99} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Entenrechner\AppData\Roaming\Mozilla\Firefox\Profiles\mn47gpws.default-1403556973923
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Entenrechner\AppData\Roaming\Mozilla\Firefox\Profiles\mn47gpws.default-1403556973923\Extensions\donottrackplus@abine.com [2014-06-30]
FF Extension: WOT - C:\Users\Entenrechner\AppData\Roaming\Mozilla\Firefox\Profiles\mn47gpws.default-1403556973923\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-30]
FF Extension: Ghostery - C:\Users\Entenrechner\AppData\Roaming\Mozilla\Firefox\Profiles\mn47gpws.default-1403556973923\Extensions\firefox@ghostery.com.xpi [2014-07-04]
FF Extension: NoScript - C:\Users\Entenrechner\AppData\Roaming\Mozilla\Firefox\Profiles\mn47gpws.default-1403556973923\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-30]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-05]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-05]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-05]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-07-05]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-07-05]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] () [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-05-28] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-05-28] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-12-03] (Windows (R) 2003 DDK 3790 provider)
S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [X]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-07 12:09 - 2014-07-07 12:10 - 00022314 _____ () C:\Users\Entenrechner\Desktop\FRST.txt
2014-07-07 12:09 - 2014-07-07 12:09 - 02084352 _____ (Farbar) C:\Users\Entenrechner\Desktop\FRST64.exe
2014-07-07 12:09 - 2014-07-07 12:09 - 00000000 ____D () C:\FRST
2014-07-07 12:07 - 2014-07-07 12:07 - 00000000 _____ () C:\Users\Entenrechner\defogger_reenable
2014-07-07 12:06 - 2014-07-07 12:06 - 00050477 _____ () C:\Users\Entenrechner\Desktop\Defogger.exe
2014-07-07 11:48 - 2014-07-07 11:48 - 00000000 ___RD () C:\Users\Entenrechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-07 11:47 - 2014-07-07 11:47 - 00000022 _____ () C:\windows\S.dirmngr
2014-07-07 01:46 - 2014-07-07 01:46 - 00000000 ____D () C:\Users\Entenrechner\AppData\Roaming\.kde
2014-07-07 01:46 - 2014-07-07 01:46 - 00000000 ____D () C:\Users\Entenrechner\AppData\Local\GNU
2014-07-07 00:41 - 2014-07-07 01:48 - 00000000 ____D () C:\Users\Entenrechner\Desktop\ALtonale
2014-07-06 17:09 - 2014-07-07 02:50 - 00259298 _____ () C:\windows\WindowsUpdate.log
2014-07-05 01:39 - 2014-07-05 01:39 - 00001359 _____ () C:\Users\Entenrechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-07-05 01:37 - 2014-07-07 12:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-05 01:37 - 2014-07-05 01:37 - 00001162 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-07-05 01:37 - 2014-07-05 01:37 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-05 01:37 - 2014-05-28 16:38 - 00625760 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2014-07-05 01:37 - 2014-05-28 16:38 - 00115296 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2014-07-05 01:37 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2014-07-01 15:55 - 2014-07-07 02:00 - 00000000 ____D () C:\Users\Entenrechner\AppData\Local\Adobe
2014-07-01 09:03 - 2014-07-01 09:03 - 00022281 _____ () C:\Users\Entenrechner\Desktop\Adressen.odt
2014-06-23 22:56 - 2014-06-23 22:56 - 00000000 ____D () C:\Users\Entenrechner\Desktop\Alte Firefox-Daten
2014-06-23 22:55 - 2014-06-30 14:48 - 00032165 _____ () C:\Users\Entenrechner\Desktop\Offener Brief.odt
2014-06-12 20:46 - 2014-07-07 02:50 - 00001922 _____ () C:\windows\PFRO.log
2014-06-12 00:16 - 2014-06-13 12:30 - 00033340 _____ () C:\Users\Entenrechner\Desktop\Beschwerde Anhalt 11. Juni.odt
2014-06-11 14:38 - 2014-06-11 18:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 14:37 - 2014-06-11 14:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 12:46 - 2014-06-10 15:24 - 00015374 _____ () C:\Users\Entenrechner\Desktop\Herr Kießig neu eNummer.odt
2014-06-10 12:43 - 2014-06-10 15:36 - 00021580 _____ () C:\Users\Entenrechner\Desktop\Frau Harten Chavez NACHHAKEN.odt

==================== One Month Modified Files and Folders =======

2014-07-07 12:10 - 2014-07-07 12:09 - 00022314 _____ () C:\Users\Entenrechner\Desktop\FRST.txt
2014-07-07 12:09 - 2014-07-07 12:09 - 02084352 _____ (Farbar) C:\Users\Entenrechner\Desktop\FRST64.exe
2014-07-07 12:09 - 2014-07-07 12:09 - 00000000 ____D () C:\FRST
2014-07-07 12:07 - 2014-07-07 12:07 - 00000000 _____ () C:\Users\Entenrechner\defogger_reenable
2014-07-07 12:07 - 2013-05-22 11:58 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-07 12:07 - 2013-05-22 11:14 - 00000000 ____D () C:\Users\Entenrechner
2014-07-07 12:06 - 2014-07-07 12:06 - 00050477 _____ () C:\Users\Entenrechner\Desktop\Defogger.exe
2014-07-07 12:04 - 2014-07-05 01:37 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-07 12:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-07-07 11:51 - 2012-10-20 07:47 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-07 11:48 - 2014-07-07 11:48 - 00000000 ___RD () C:\Users\Entenrechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-07 11:47 - 2014-07-07 11:47 - 00000022 _____ () C:\windows\S.dirmngr
2014-07-07 11:47 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-07 02:50 - 2014-07-06 17:09 - 00259298 _____ () C:\windows\WindowsUpdate.log
2014-07-07 02:50 - 2014-06-12 20:46 - 00001922 _____ () C:\windows\PFRO.log
2014-07-07 02:47 - 2013-07-08 20:00 - 00000000 ____D () C:\Users\Entenrechner\AppData\Roaming\gnupg
2014-07-07 02:29 - 2012-10-20 07:54 - 00000360 _____ () C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2014-07-07 02:02 - 2013-05-22 16:15 - 00000000 ____D () C:\Users\Entenrechner\AppData\Local\CrashDumps
2014-07-07 02:00 - 2014-07-01 15:55 - 00000000 ____D () C:\Users\Entenrechner\AppData\Local\Adobe
2014-07-07 01:48 - 2014-07-07 00:41 - 00000000 ____D () C:\Users\Entenrechner\Desktop\ALtonale
2014-07-07 01:46 - 2014-07-07 01:46 - 00000000 ____D () C:\Users\Entenrechner\AppData\Roaming\.kde
2014-07-07 01:46 - 2014-07-07 01:46 - 00000000 ____D () C:\Users\Entenrechner\AppData\Local\GNU
2014-07-06 17:13 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-07-06 17:10 - 2014-04-30 13:10 - 00000000 ____D () C:\Users\Entenrechner\Desktop\Backup
2014-07-05 01:39 - 2014-07-05 01:39 - 00001359 _____ () C:\Users\Entenrechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-07-05 01:37 - 2014-07-05 01:37 - 00001162 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-07-05 01:37 - 2014-07-05 01:37 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-05 01:37 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-07-05 01:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-07-01 09:03 - 2014-07-01 09:03 - 00022281 _____ () C:\Users\Entenrechner\Desktop\Adressen.odt
2014-06-30 14:48 - 2014-06-23 22:55 - 00032165 _____ () C:\Users\Entenrechner\Desktop\Offener Brief.odt
2014-06-23 22:56 - 2014-06-23 22:56 - 00000000 ____D () C:\Users\Entenrechner\Desktop\Alte Firefox-Daten
2014-06-22 18:47 - 2013-08-15 22:24 - 00768688 _____ () C:\windows\system32\perfh019.dat
2014-06-22 18:47 - 2013-08-15 22:24 - 00157826 _____ () C:\windows\system32\perfc019.dat
2014-06-22 18:47 - 2012-10-20 22:21 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-06-22 18:47 - 2012-10-20 22:21 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-06-22 18:47 - 2012-07-26 09:28 - 02671956 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-13 12:30 - 2014-06-12 00:16 - 00033340 _____ () C:\Users\Entenrechner\Desktop\Beschwerde Anhalt 11. Juni.odt
2014-06-12 20:46 - 2013-07-01 16:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 18:54 - 2014-06-11 14:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 14:37 - 2014-06-11 14:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 15:36 - 2014-06-10 12:43 - 00021580 _____ () C:\Users\Entenrechner\Desktop\Frau Harten Chavez NACHHAKEN.odt
2014-06-10 15:24 - 2014-06-10 12:46 - 00015374 _____ () C:\Users\Entenrechner\Desktop\Herr Kießig neu eNummer.odt

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-06 17:32

==================== End Of Log ============================

Last edited by Myriam84 (07.07.2014 at 11:58)